In a statement signed by Director, Banking and Payment systems of CBN, Dipo Fatokun, the decision was made because of the risks associated with mobile banking.
This was contained in a tweet on the apex bank’s Twitter handle.
“Concerns have been expressed on the likely exposure of CBN-approved entities to the possible breaching of the Unstructured Supplementary Service Data (USSD) accessed by financial services in view of likely vulnerabilities in the technology and the ever-growing threats,” the electronic circular read.
Among other directives listed in the statement, CBN said, “Put a limit of N100,000.00 per customer, per day for transactions as may be required. However, customers desirous of higher limits shall execute documented indemnities with their banks or MMOs.
Mandate the use of an effective 2nd-factor authentication (2FA) by customers for all transactions above N20,000. This shall be in addition to the PIN being used as 1st level authenticator, which applies to all transaction amounts.”
The new directive is expected to take effect from June 2018.
The bank added that any customer that would like to do transactions over N20,000 will require a pin and soft token which they would get from their banks.
Banks are also expected to “install behaviour monitoring system with capacity to detect sim swap/ churn status, user location, unusual transactions at weekends, etc.”
This system is expected to be put in place by October 31st, 2018.